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Abstract 

Security is an essential part of network 
communication. The advances in 
cryptography have provided solutions to 
many of the network security 

requirements. Public Key Infrastructure 
(PKI) is the foundation of the 

cryptography applications. The main 
objective of this research is to design a 
model to simulate a reliable, scalable, 
manageable, and high-performance 
public key infrastructure. 

We build a model to simulate the NASA 
public key infrastructure by using 
SimProcess and MatLab Software. The 
simulation is from top level all the way 
down to the computation needed for 
encryption, decryption, digital signature, 
and secure web server. The application 
of secure web server could be utilized in 
wireless communications. The results of 
the simulation are analyzed and 
confirmed by using queueing theory. 
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1. Introduction 

Security is an essential part of network 
communication. The advances in 
cryptography have provided solutions to 
many of the network security 
requirements, which include: 


• Confidentiality: Only the authorized 
party can read the message. 

• Integrity: The receiver must be able 
to identity that the message has not 
been tampered with. 

• Authentication: The receiver must 
also be able to confirm that the 
message is indeed from the right 
sender. 

• Non-repudiation: The sender can not 
deny that the message was indeed 
sent by him/her. 

The confidentiality, integrity and 
authentication requirements can be 
achieved through symmetric key 
cryptography, which is also called secret 
key cryptography because the sender and 
the receiver share the same secret key to 
encrypt or decrypt a message. The secret 
key algorithm has high performance, and 
it has been used widely in the world, 
such as the Data Encryption Standard 
(DES). 

However, the secret key cryptography 
has the following shortcomings: 

• Key distribution: How do you give 
the shared key to the other party? 

• Digital signature: The sender can 
deny that she/he sent the message 
because there is more than one 
person who knows the key. 
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2. Public Key Infrastructure 


3. Modeling of NASA’s PKI 


W. Diffie and M. Heilman published a 
new approach to cryptography in 1976 
[1]. R. Rivest, A. Shamir and L. 
Adleman published the RSA public key 
cryptography in 1978 [2], 

A pair of keys, i.e. a public key and a 
private key, is used in public key 
cryptography: 

• Encryption/Decryption: Alice uses 
Bob’s public key to encrypt a 
message and send it to him. Bob uses 
his private key to decrypt the 
message. 

• Digital Signature/Verification: Alice 
uses her private key to sign a 
message. Bob uses Alice’s public 
key to verify the signature. 

A certificate can be used to bind a 
person to his/her public key. This 
certificate is signed by a Certification 
Authority (CA) to authenticate the 
public key and its holder. The certificate 
is normally issued by a Registration 
Authority (RA) and stored in a directory 
for lookup and retrieval. A policy is used 
to enforce the security implementation. 
The CA, RA, directory, and policy are 
components of a Public Key 
Infrastructure (PKI), which is the 
foundation of many cryptography 
applications. The certificates used in this 
model are based on the X.509 standard 
[3], 


The PKI modeling in this paper focuses 
on the NASA’s PKI, which is in the 
process of being deployed by late 1998. 
The plan is to establish a Certification 
Authority at Ames Research Center, and 
a Registration Authority at Headquarters 
and each of its field centers. Each field 
center will have its own directory to 
store the certificates. 

In order to simulate the complete PKI 
processes, the model is broken into four 
levels using SimProcess software [4]: 

• Level 1 consists of one CA process 
at Ames Research Center, one RA 
process at each field center, and a 
branch activity to direct the 
certificates back to the originating 
centers (see Fig. 1). 

• Level 2 includes two main functions: 
registration and applications (see 
Fig. 2). The applications cover 
encryption / decryption, digital 
signature / verification, and secure 
web server. 

• Level 3 models the process in the 
registration and applications: key 
generation in Fig. 3, encryption and 
decryption in Fig. 4, digital signature 
in Fig. 5, signature verification in 
Fig. 6, and web guard of secure web 
server in Fig. 7. 

• Level 4 covers the detailed 
computational sequence of 
encryption in Fig. 8 and decryption 
in Fig. 9. 
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Fig. 1 : Level 1 Certificate Management System 
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Fig. 2: Level 2 Registration and Applications 
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Fig. 3: Level 3 Key Generation 
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Fig. 4: Level 3 Encryption and Decryption 
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Fig. 5: Level 3 Digital Signature 




Signature Verification 






Signed DoeumtmtCS) Public Key {E, N} RdttSt»£|o^ 


6: Level 3 Signature Verification 


4 



Web Guard 


Level 3 


Y« 


ila 

WebOuvd 


Wib Brower 


Haject 


Fig. 7: Level 3 Web Guard 
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Fig. 8: Level 4 Encryption 
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Fig. 9: Level 4 Decryption 


4. Secure Web Server and Wireless 
Communication 

The World Wide Web is a powerful 
communication tool, and the 
applications of the web have increased 
dramatically in the past few years. 
However, some applications may need to 
control access to certain web pages. 

There are two common ways for access 
control: 


User and password 

authentication; 

Client hostname and Internet 
Protocol (IP) address screening. 

Using the user and password 

authentication has several disadvantages: 
The password has to be sent 
through the communication 
channel. It may be stolen or 
reused even though it is 
encrypted; 
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It may be short and easily be 
guessed; 

Each web server may need to set 
up a password for each user. 

Screening the client hostname and IP 
address can be done by using the 
network prefix or the suffix of a 
hostname. For example, a web server 
can allow the user with .nasa.gov suffix 
to access a page. However, it also has 
several disadvantages: 

- The user may not register his IP 
address in the Domain Name 
System; 

An IP address may be dynamically 
assigned using the Point-to-Point 
Protocol (PPP) provided by an 
Internet service provider, or using 
the Dynamic Host Configuration 
Protocol (DHCP); 

There are no mechanisms to 
securely and automatically update a 
domain name server at the present 
time. 

The security issue could be even more 
serious for wireless communication, 
which is increasing in popularity. The 
traditional analog cellular phones are 
very insecure. The 32-bit serial number, 
the 34-bit telephone number, and the 
conversation in a cell can be “scanned” 
easily by an all-band receiver. The 
widely used AMPS (Advanced Mobil 
Phone System) is an analog cellular 
phone system. Therefore, sending a 
password or a hostname through this 
system can be a serious security issue. 

Another security issue in wireless 
communication is in communication 
satellites, w-hich has many advantages 
over wired communication: 

- Mobil communication; 


A message can be broadcasted to 
thousands of receivers at once; 

- No hostile terrain, or right of way 
problems, etc. 

However, the broadcasting feature of 
satellite communication could cause a 
major security problem: everybody can 
receive every message. Therefore, 
cryptography is essential for wireless 
communication when security is 
required. 

As far as web access control is 
concerned, an alternative solution is to 
use a public key certificate, along with a 
web controller and a web guard 
program. 

When a user wants to access a page, he 
can use his private key to sign a request 
for access. The request is sent to a web 
controller. The controller uses the 
requester’s public key in the directory to 
verify his signature and checks the 
access control list. If both are verified, 
the controller then informs the web 
guard to authorize the web access. 

Signing a request by using the 
requester’s private key, without sending 
any confidential information, provides 
protection in wireless communication. 

5. Simulation and Analysis of 
Registration Process 

The simulation includes two processes: 
the registration process and the 
application process. 

The registration process has a server (i.e. 
NASA CA as shown in Fig. 1) and 
thousands of certificate requesters from 
each center. This process can be 
represented as an M/M/1 queueing 
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model with Poisson arrivals, exponential 
(Markovian) service times, and the 
number of servers is one. 

In this M/M/1 model, the service rate (|l) 
which is the computer speed of 
Certification Authority, is much higher 
than the interarrival rate (X) which is the 
human speed of Registration Authority. 
Therefore, even though there is only one 
CA creating certificates for the whole 
NASA community, the server utilization 
rate (p = A/fl) will be very low and there 
is no performance problem. 

6. Simulation and Analysis of 
Application Process 

The application process, shown in Fig. 2, 
can also be represented as a M/M/1 
model. In each NASA center, there is a 
directory server that stores user 
certificates for applications to retrieve 
the user’s public key. The access time to 
a directory could be different when (1) 
the certificate is found in the local 
directory server; (2) the certificate is 
found in another center’s directory 
server; (3) the certificate is not found at 
all. 

The assumed mean interarrival time is 3 
seconds/arrival and the mean service 
time is 2 seconds/arrival. 

The SimProcess simulation was 
executed and the results are shown in 
Table 1 with the following notations: 

Lq: the number of arrivals in the queue, 
Ls: the number of arrivals in the system, 
Wq: the waiting time in the queue, 

Ws: the waiting time in the system, and 
p: the server utilization rate 


SimProcess 

MatLab 

Theore- 

tical 

Lq 

* 

1.35 

1.33 

Ls 

1.93 sec. 

2.01 

2.00 

Wq 

3.83 sec. 

4.01 

4.00 

Ws 

5.83 sec. 

5.98 

6.00 

P 

66.08 % 

66.49 

66.67 


Table 1: Results of an M/M/1 Queue 
* Not available in the SimProcess report 


In order to verify the correctness of the 
results. We use another software called 
MatLab and wrote MatLab programs to 
verify the results of SimProcess [5]. We 
then use queueing theory to calculate the 
theoretical results and compare them 
with the results from MatLab and 
SimProcess. The results from 
SimProcess, MatLab and theoretical 
calculation are listed in Table 1. 

The theoretical results are calculated as 
follow [6]: 


Ls~—P— 

1 -P 

Wq -\ — p 

Ws = — + Wq 
P 

Where p = X / p = (1/3) / (1/2) = 0.6667. 

The curves of Ls and Ws versus p for 
the M/M/1 queue in Fig. 10 and 1 1 show 
the relationship between these variables 
[7]. As the directory server utilization 
rate, p, increases and approaches 1, the 
number of arrivals in the system, Ls, and 
the average waiting time in the system, 
Ws, approach infinity. 


7 




p 

Fig. 10: Ls vs. p for an M/M/1 Queue 



P 

Fig. 1 1: Ws vs. p for an M/M/1 Queue 

There are three applications shown in 
Fig. 2: encryption/decryption, digital 
signature and secure web server. The 
number of applications will increase as 
more and more applications use 
certificates. 

There are three applications shown in 
Fig. 2: encryption/decryption, digital 
signature and secure web server. The 
number of applications will increase as 
more and more applications use 
certificates. 

In the future, when the number of users 
and the number applications increase, 
the only directory server in each center 
may be a performance bottleneck when 
p approaches 1 . 


In addition, if the directory server fails, 
the PKI is down. The single point of 
failure and the reliability problem could 
be a serious issue. 

If a directory server can only serve up to 
a certain number of users, the scalability 
of PKI could also be a problem. 

One way to solve the above problems is 
to increase the service rate, p. However, 
we still have the reliability and 
scalability problems. 

The other way is to increase the number 
of directory servers, c. In this case, we’ll 
have an M/M/c queueing model. 

7. Lessons Learned in Simulating an 
M/M/3 Queueing Model 

A MatLab program is implemented to 
simulate an M/M/3 queueing model with 
three servers. The assumed average 
interarrival rate is 3 arrival/second and 
the average service rate is 1.2 
arrival/second. 

It is an interesting learning experience to 
write MatLab programs to simulate the 
M/M/1 and M/M/3 queues because 
every detail in the queueing process have 
to be considered. For example, the 
expected number of arrivals in the 
queue, Lq, can be calculated as the total 
integrated area of the queue duration 
time divide by the total duration time. 
The first ten pieces of integrated area is 
listed in Table 2. The number in front of 
the multiplication is the number of 
arrivals in the queue, and the two 
numbers inside the parentheses are the 
time periods when this number of 
arrivals is waiting in the queue. 
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- 1-1 


Number 

Integrated Areas 

1 

1 * (4.792163 - 4.754428) 

2 

2 *(4.920536 -4.792163) 

3 

1 * (5.434270 - 4.920536) 

4 

0* (5.565315 -5.434270) 

5 

1 * (5.721122 -5.565315) 

6 

0 * (5.745093 - 5.721122) 

7 

1 * (5.827488 - 5.745093) 

8 

2 * (5.927124 - 5.827488) 

9 

1 * (5.947090 - 5.927124) 

10 

0 * (6.359555 - 5.947090) 


Table 2: Ten Pieces of Queue Duration 
Time 

A SimProcess program is designed to 
model the M/M/3 queue. The diagram 
for this model is shown in Fig. 12. 
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Where X is the arrival rate, (I is the 
service rate, r = X/\ X, c is the number of 
servers and n is the number of arrivals. 


MM3 Queueing Model 





Fig. 12: An M/M/3 Queueing Model 

The arrivals are generated at average 1/3 
second per arrival. These arrivals are 
‘branched’ into one of the three servers, 
each has the probability of 1/3 to serve 
the arrivals. The average service rate is 
0.83 second per arrival. A ‘merge’ 
activity is provided in order to generate 
the final results. 

The theoretical results are calculated as 
follow: 


The results from MatLab, SimProcess 
and the theoretical equations are listed in 
Table 3. 



SimProcess 

MatLab 

Theore- 

tical 

Lq 

* 

3.49 

3.51 

Ls 

6.47 sec. 

5.98 

6.01 

Wq 

1.30 sec. 

1.16 

1.17 

Ws 

2.15 sec. 

1.99 

2.00 

P 

85.08 % 

83.33 

83.33 

Tabl 

e 3: Results ol 

r an M/M/3 Queue 


* Not available in the SimProcess report 


The reason that the MatLab results are 
very close to the theoretical results is 
because the number of arrivals used in 
the MatLab program was set to high, i.e. 
1 million arrivals. 

From the above comparisons, the authors 
are confident that the results generated 
from SimProcess, which are the 
simulation program used in this paper, is 
correct. 
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8. Conclusion 

The results from MatLab, SimProcess 
and theoretical calculation show that the 
registration process has no performance 
issue. The application process may need 
to increase the number of directory 
servers when the number of users and 
applications increase and the server 
utilization approaches unity. 
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Appendix: A Sample Decoded 

X.509 Certificate 

Version: v3 

Serial Number: 832971079 


Signature Alg: 
mdSWithRSAEncryption 
(1.2.840.113549.1.1.4) 
Parameters : none 

Issuer: C=US, 0=National 
Aeronautics and Space 
Administration 

Validity: Not Before 
960905120642+0800 

Not After 
980905120642+0800 

Subject: C=US, 0=Na tional 
Aeronautics and Space 
Administration, serialNumber=64 
+ CN=Yuan K. Liu 
SubjectPKInf o : rsaEncryption 
(1.2.840.113549.1.1.1) 

Parameters : none 
Public Key: 
modulus : 

00 ba 7 f d6 16 db 78 0a 
17 26 80 57 2a d7 66 4b 

01 99 de 81 cb 8d 09 95 
fb la 45 f 5 fl 42 62 c3 

62 db ab 6e 9b 33 dd 64 
76 bf 02 42 18 dl 39 db 

Id 84 7b de 16 7b 31 c9 
ff d7 f 2 8b 49 8b 78 9c 
f 5 

public exponent: 

03 

Issuer UID: none 
Subject UID: none 
Extensions: 4 
Extension 1: Critical 
cRLDistributionPoints (old) 
(2.5.29.25) 

SEQUENCE 
. SEQUENCE 
. . SEQUENCE 

- . - SET 

.... SEQUENCE 

OID 

2.5.4. countryName ( 6 ) 

Print ablest ring 

"US” 


. . . SET 

.... SEQUENCE 
OID 

2.5.4 . organizationName (10) 

Print ablest ring 

"National Aeronautics and Space 
Administra 
tion" 

. . . SET 

.... SEQUENCE 
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OID 

2.5.4. commonName ( 3 ) 

PrintableString 

"CRL1" 

Extension 2: Critical 
authorityKeyldentif ier (old) 
(2.5.29.1) 

SEQUENCE 
. [ 0 ] 

”832970810” 

Extension 3 : keyAttributes 

(old) (2.5.29.2) 

SEQUENCE 
. OCTET STRING 
” 832971079" 

- [ 0 ] 

05 20 

Extension 4 : basicCons traints 

(old) (2.5.29.10) 

SEQUENCE 

. BIT STRING number of 
bits = 2 


40 

Signature Alg: 
md5Wi thRSAEncrypt ion 
(1.2.840.113549.1.1.4) 
Parameters : none 
Signature Value: 

43 e3 80 04 da 5a 04 4e 
25 73 db 90 92 85 cO lb 

11 ab e2 31 cb b3 fc 61 
78 lb 48 15 el 27 de Of 

18 fO 38 59 2a e3 01 bl 
5d 26 37 2d 88 11 88 25 

4f 04 f 7 5b c8 6c dc el 
49 08 44 b4 bO 04 c4 00 

bb 50 aO ed b2 73 79 f4 
35 3 f 46 e3 a8 91 32 05 

0c da 93 98 08 37 71 02 
4 f 08 46 5f 4a 30 98 dc 

d5 6d 56 52 34 3d 54 c9 
89 8b f 5 39 be d3 f3 fc 

f 4 d3 3 f aa 7f eO e9 6d 
6 f 67 af fO 0b 4e 26 b7 
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19:00-21:00 Reception/Welcome 

Tuesday July 21st, 1998 


8:00 

j Registration Open 

8:15-8:30 

Opening/Welcome 

8:30 - 9:30 

r~ 1 : 

Keynote Speaker: 
Debasis Mitra, Bell Labs, USA 

' 9:00 - 10:00 1 

Coffee Break 

10:00- 12:00j 

Paper Session 1 

12:00- 13:00j 

| Lunch Break 

13:00- 15:00 

Paper Session 2 ) 

15:00- 15:30 

Coffee Break 

[15:30 - 17:30 j 

Paper Session 3 


Wednesday July 22nd, 1998 


http://www.cs.mcgill.ca/~azedine/dmas.html 
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!" 8:00 

Registration Open 

8:30-9:30 

Keynote Speaker: 
Gregor Bochtnann 
University of Ottawa, Canada 

9:30- 10:00 

Coffee Break 

1 10:00- 12:00 

Paper Session 4 

12:00- 13:00 

Lunch Break 

03:00- 15:00 

j Paper Session 5 

1 1 5:00 - 15:3§ 

Coffee Break 

15:30- 17:30| 

Paper Session 6 j 


Thursday July 23rd, 1998 


8:00 j; Registration Open 

8:30- 10:00 

Panel Discussion j 

10:00- 10:30 

Coffee Break 

^0:30- 12:30 

Paper Session 7 

12:30 - 13:30|j Lunch Break 

13:30 - 15:30 

Paper Session 8 

15:30 - 16:00 

Coffee Break 

16:00- 18:00 

Paper Session 9 

19:30-21:30 

Dinner (Cruise) 
at the Saint Laurent River! 


Friday July 24th, 1998 


r 8:30- 10:30 

Paper Session 10 

10:30- 1 1:00 

Coffee Break 

1 1:00- 12:30 

Tools Track 

12:30- 13:30 

| Lunch Break j 

13:30 - 15:30 

Paper Session ll| 

15:30 

Close 1 


• Last Modified: May, 1998 
Azzedine Boukerche 
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